Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > NZ Computing > Re: W2k Default User and Administrator

Reply
Thread Tools

Re: W2k Default User and Administrator

 
 
T.N.O.
Guest
Posts: n/a
 
      07-08-2003
T-Boy wrote
> This isn't "your" network"


yeah ok I'll give you that.

> - as said, *most* small business
> networks are setup so that each local user "owns" their PC -
> and can install s/w onto them without having to see an
> administrator (most small business setups don't *have* a
> dedicated network administrator).


I realise that there would not be a dedicated administrator, but
still, I would hardly rate a school as a small business(in network
terms) as kids will destroy anything, all they would need is a logged
in machine, and they could trash it if that user had admin rights on
that machine.

Also, as they are running AD they have a domain controller, so are
running a server OS, which I would assume they would have some "sort
of administrator" that does tech work for them(most likely Matthew
Strickland?)

> The PC is totally safe as setup like this, the local user has a
> machine that only they can change (no other user will have
> local rights).


The PC is entirely not safe like this.
If anyone has admin rights, they can essencially destroy the PC.

> On large networks, sure; roaming profiles, lockdown desktops
> and workstations are the way to go.


yeah sure...

> And sure this may well
> apply to small networks too, operating in a corporate
> environment under a larger business umbrella where the setup is
> dictated.


Well dictated is rather strong language, but I guess it is true

> But it'll be a fair bit dearer to admin...


yes and no.
Dearer for some things, but if users cant break things, there is less
admin work.

> user
> wants something, phone the helpdesk


Doesn't need to be a helpdesk, this is only a school... maybe user
emails "sudo admin"

> fill in a request for
> change


no need, email is all that is required. maybe add something like a
cost code to each teacher so that requests have some sort of ID on
them - digital signature - you can get them free now for non
commercial use(I assume that schools are non-commercial)

> goes through change management process (might take a
> week - chit, might only have change management meetings once a
> week), decision is made, change is implemented or isn't.


no need, all that is required is the above method.
I know it works as I have seen it running.

> Most small busines's do *not* operate like that - nor do they
> wish to. Local PC autonomy is typical and recommended even by
> operating system makers such as Microsoft.


yeah, but running an smtp server that accepts any requests was also
recommended by MS until a couple of years back.

> (Check out an SBS
> workstation setup - as recommended by Microsoft). This does
> not mean (BTW) that desktops can not be further locked down,
> nor does it stop group policy implemnented workstation
> lockdown.


Dont have the time or inclination to check it out.
 
Reply With Quote
 
 
 
 
T.N.O.
Guest
Posts: n/a
 
      07-09-2003
Matthew Strickland wrote:
> NTFS, and you use a complex local admin password. (I have had cases of users
> hacking NTFS partitions, deleting sam or decoding sam files and gaining
> local admin access)...


you could always rename the local admin account to something stupid that
no-one would guess, then make another account with the username
"administrator" and only having guest rights... that would do it
wouldn't it?

 
Reply With Quote
 
 
 
 
Matthew Strickland
Guest
Posts: n/a
 
      07-10-2003
Yes it sure would, its been a suggestion before

Thanks anyway guys, ill tackle it all next week. At least its holidays!

Matt

"T.N.O." <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Matthew Strickland wrote:
> > NTFS, and you use a complex local admin password. (I have had cases of

users
> > hacking NTFS partitions, deleting sam or decoding sam files and gaining
> > local admin access)...

>
> you could always rename the local admin account to something stupid that
> no-one would guess, then make another account with the username
> "administrator" and only having guest rights... that would do it
> wouldn't it?
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
2473-1 Systems Administrator - IBM RequisitePro Administrator,Chicago,Illinois.- Isaac Java 0 10-20-2010 07:44 PM
WCF service install on 2003 fails using new ADMIN user but works as user ADMINISTRATOR Scott ASP .Net 2 11-13-2008 04:03 PM
need administrator...but no administrator century.dave Windows 64bit 2 12-09-2007 12:47 PM
Web Service uses ASPNET user although changed to administrator user in IIS okaminer ASP .Net Web Services 0 02-02-2005 07:00 AM
W2K Prof. to W2K Prof. File & Printer Sharing Not Working =?Utf-8?B?Qm9i?= Wireless Networking 14 12-17-2004 06:20 PM



Advertisments